Basically, it's a bot that hijacks your DNS to redirect your legitimate traffic to fake sites in order to steal your personal information (such as user names, passwords and credit card numbers).
Q. I received a notification, why?
A. We saw your modem querying the known bad ip addresses, indicative of this specific malware. You may have received a notice from us as an email, in-browser notice or via the U.S. Postal Service.
Q. How do you know I'm infected?
A. The ISC have taken over the bad servers, and replaced them with legit ones. We get data from ISC
that tells us which Comcast ip addresses are still using these servers for domain name resolution (DNS). If you were not infected, nothing behind your modem would be using them.
Q. Can you tell me which Computer it was?
A. Unfortunately, no. That would require us to do deep packet inspecting, which is invasive. To
keep your privacy intact, we can only see what your modem did. It's also likely that your router has had it's settings changed by the bot. We encourage that you check all devices in your home that use the internet.
Q. I have a Mac, can this be affected?
A. Yes. We have seen many Mac's infected with this bot already. It's also likely that your router has had it's settings changed by the bot. We encourage that you check all devices in your home that use the internet.
Q. Are you turning off my service if I can't fix this?
A. No, Comcast will not disable or disconnect your service. Because of the changes to your internet settings that the bot may have made, your internet service will no longer function unless you change the settings back. This can be done through our one-click fixes or manually… Visit http://xfinity.com/dnsbot to learn how.
I am an Official Comcast Employee. Official Employees are from multiple teams within Comcast: Product, Support, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation. Was your question answered? Mark it as an accepted solution!
I am an Official Comcast Employee. Official Employees are from multiple teams within Comcast. We ask that you post publicly so people with similar questions may benefit. Was your question answered? Mark it as an accepted solution!
I am a Comcast Employee. Please post so people with similar questions may benefit.
Was your question answered? Mark it as a solution!
There is a great site that has been put up by the DNS Changer Working Group, DCWG. It has a whole lot of resources around DNS Changer such as tools to remove it from a wide range of vendors, some interesting links to some cool sites with information on the latest issues, and a running total of infected machines. Also if you want to file complaint with the FBI if you were infected, you can contact them to tell them you were infected. The more people that register that they were infected will help the FBI to make an even stronger case.